BizTech BizTech Podcasts

Ep. 104 Shocking Security Sales Blunders: Help Your Customers Quickly! With Jason Stein Pt. 1

February 14, 2024

Subscribe to the Next Level BizTech podcast, so you don’t miss an episode!
Amazon Music | Apple Podcasts | Listen on Spotify | Watch on YouTube

Today in the studio, we’re joined by Jason Stein, Telarus VP of Security. Jason talks about blunders in the sales process we’ve seen in deals, from vendors, and even from customers. We take this new look with multiple perspectives with some great lessons learned to gleam. You might also here some interesting information about the Russian Spies!

Welcome to the podcast designed to fuel your success in selling technology solutions. I’m your host, JoshLupresto SVP of Sales Engineering atTelarus and this is Next Level BizTech.

Hey everybody, welcome back. We are here in the studio. As you can see, we’ve got a special guest on with us, VP of cybersecurity, Mr. Jason Stein. Thanks for coming in, my man. Thanks for having me. Good to be back. It is good. Today, man, we thought of this really cool title for this episode because we get to see so many deals. We get to see so many things happening in this involving landscape of security. So today is aptly titled Shocking Security Sales Blunders. Help your customers quickly. There’s urgency here.

For anybody that hasn’t listened, Jason has a phenomenal, wild backstory. I’m not going to talk about his history as a pastor. I’m not going to talk about his history as a bartender. If he brings it up, he brings it up.

So today what I’ve asked him to share with us is Jason, share with us a key lesson that you’ve learned over time, a situation, a mentor, a boss, something valuable. Share it with the partners. So I look back when I was young and I started to play chess and the best chess players were always Russian. I ended up being third in the nation in chess in ninth grade. So I had an opportunity to go work for the Russian spies. So of course, he’s not going to take that. I worked for Kaspersky Labs. I think that they’re an amazing company, have some incredible tech. But there was a gentleman who really shaped me and took me to another level from a leadership standpoint. His name was Don. Don was our GM. And at the time I was actually challenged with running North America during the first time we had ever seen really the US government decide to take down an organization and say that we don’t want them in our government entities. And, you know, as a US citizen, I completely understand that we don’t want foreign entities and technologies embedded into our stack. But he was fantastic. So at the height of when I started, I had 70 people reporting to me. And then it went to 50 and then it went to 40 and then it went to 30. And I was still responsible for $20 million worth of revenue, but yet trying to figure out how do I increase productivity with less people? And, you know, that was a really interesting challenge to figure out what is the best way to maximize people? How do you look at the business differently? You know, you have this mission usually seek and destroy. And he really educated and shaped me on really bringing more value to the industry, looking at payouts and percentages and what’s a deal worth and how do we incentivize our partners? And then how do we show the value during all the chaos that’s going on around me? And he really brought that honed focus for my for what I did in the industry and really shaped, you know, the next five years for me. So there’s a lot to unpack there. There’s wow, geez, I thought we were going to run us up to talk about not having the bartender and the pastor story. Please just open it up with the Russian spies. Man, so, okay, so obviously lesson learned and do more with less because we don’t trust the entity anymore. What’s that like to kind of be caught in the middle of, guys, I have some great tech. And over here, it’s, yeah, but we don’t trust it because we don’t know if it’s, you know, if it’s Trojan horse, more or less, right? That’s really intense. You know, I started to second guess things and started to worry about, you know, my reputation of being attached to it, but I thought the tech was incredible. So and everyone kept saying that the tech’s incredible, but they’re all, but we can’t use you. And so board of influencers were coming in, leaders within entities were putting a lot of pressure. I had to take intense training with public relations on how to talk to the media so that I didn’t say anything inaccurate. A lot of pressure, but super fun experience. I mean, I got to drive Ferraris and Monaco. I went to Russia five times. I just had a blast. I was trying to remember the name of this book. We had a buddy of mine who used to be the CISO at Honeywell and Michael Dell and all, you know, super connected, was in the CIA and was in charge of bringing down one of the highest ranking officials in the CIA ever convicted of espionage. I’m blanking on the name of the book. But if anybody wants to reach out to me, guy’s name is John McClurg. Awesome, fascinating guy. We’ve had him out speak at events before, but reminds me a lot of this story. But we won’t go into any espionage with that. Just a lot of lessons learned. Maybe that opens up future late night podcast stories. But anyway, all right, let’s fast forward. So your role here for anybody that doesn’t know and didn’t watch any of those previous episodes, VP of security atTelarus So what that means, you’re in charge of strategy. And there’s a lot that goes into that. So if we just look out here as we’re we’re looking at twenty twenty four, what is your read on how the businesses will look at security in twenty twenty four? What changes? What’s different?

Yeah, there’s a lot of different opinions on where security is going to go. The most interesting thing, though, is there’s still not enough good qualified security people out there. So you’re seeing this massive undertaking of outsourcing. Forty percent of board of directors are actually going to have a cybersecurity committee advising them. So when in the past where you didn’t get the budget to approve for certain types of cyber, you know, now it’s going to be there. You know, you’re still going to see organizations look to add a lot of layers of security, but they’re going to have to look at it differently. You need layers of security with the tech and then you need to figure out kind of what I did with doing more with less people. So you need to really diversify your team and put more layers in with the people that you have. And sometimes you need to outsource. We’re seeing a lot of CIOs and even chief security officers ask if they can get help and bring in resources to advise them. I think we’re going to see a big uptick on data privacy and risk because there’s a lot of organizations that are in the news recently, even some big casinos that spend a ton of money on cybersecurity that they were still compromised. So how do you limit your risk and still make sure that you have all those things in place? Identity and access management, I think is going to be a huge focus for us. Security awareness training because two of those breaches were actually caused by someone finding credentials and then calling into support and getting people to do it. It’s always the people. It’s still crazy. There’s such a great message here. The message is don’t be intimidated. I’m trying not to jump ahead. You’ve got some great things, tips for the partners, but the overall message in this is don’t be intimidated by any customer that you talk to. It doesn’t matter. None of them are doing enough and they’ll know it, but they need help uncovering where they need some of that assistance and how you can help them. You nailed it. So I spoke to a CIO recently. He was a $9 billion company. He had 15 people on his IT staff and I had a business conversation with him. I just talked to him a little bit about what are your challenges? What are your resources really good at? What do they struggle with? And that business conversation really led into him opening up. So I think that people overthink it sometimes. We’re going to see this rise of AI and what does artificial intelligence look like. And we have early adopters, but yet we don’t know what that’s going to look like from a security standpoint. We saw cloud 10, 15 years ago. Everyone wanted to put their stuff in the data center and virtualize. Nobody thought about how security was going to play a role. Now security is one of those conversations and we’re seeing cloud and security really overlap.

And I think you’re going to see that with CX being the early adopter of AI, IoT and OT, Internet of Things and people moving towards everything having an IP address and how do you manage that? And again, still with less people because CFO is not giving you budget for headcount, so you got to do it with tech. So trend wise, we talked about this years ago early on, the lack of resources. Statistically, it’s just not getting any better. Do you see that changing in 2024, right? The lack of CISSPs, all of that good stuff out there publicly. It’s still, it’s just getting worse, yes?

So we’re still 1.5 million jobs, fake cybersecurity jobs in the United States, 3.5 worldwide. But it’s funny because every time I meet somebody and they ask me what I do, they’re like, oh, my kid or my cousin or my nephew is getting into cybersecurity. So I think help is on the way, but it’s still not there yet. And the people that are getting their degree don’t have that practical experience. People who have the practical experience don’t have the certification. So it’s an interesting balance there that I think people don’t know what to do. But yes, I mean, every state I go to, I try to look at how many vacant cybersecurity jobs, how many vacant cloud engineering jobs, how many vacant risk compliance jobs, and there’s still 10 to 20,000 in almost every state I go to. Love it. Love it. Now, it’s a good point. Great point. All right. Okay, let’s let’s talk about mistakes. So we talked about all the rosy, all the fun, all the greats, all that stuff. But let’s dive deep into the sales strategy side of things. So question for you is with regard to the sellers out there, right, as you’ve been and you’ve seen partners selling security, common security sales, mistakes, slip ups and help me address these.

We see partners try to sell the same way that they sold voice and data, or some of the texts that they’ve been doing for a long time, which is, let me try and save you money, ROI. But, you know, security is not a cost savings, it’s a cost investment. You actually have to invest in it. So you can’t sell that same way. The second thing is don’t do it alone. We see a lot of people try to control the conversation, or they try to say, let me be that liaison in the middle, and I’ll go back and forth between my client and the engineer. And it doesn’t work that way because one, you may be talking about a specific technology that your client said, but you can’t stop with that question just because you go through a series of questions. And then you find one thing that your customer needs doesn’t mean that you should stop the additional lines of questioning that we have in our solution view, you should continue and ask more. What are you doing for email security? What’s your team good at? What do they struggle with? What are some of the things that are burdens to them? What are they not really technically savvy yet? And a lot of times they’ll uncover and say, oh, compliance is something newer, and my guys aren’t experts in compliance. It’s something that we’ve had to do, and it falls on IT. Cyber insurance, there’s so many different checklists that you need to do. And so we find either that they panic, and they just try to focus on that one thing instead of asking the rest of the questions, or they don’t know when to bring in a hilarious resource. And sometimes they don’t let the suppliers come in with really subject matter experts and help be a part of that conversation. And what we do is we shift over to that side of the table with the client, and we actually become an extension of them. And it shows now that they went from five to seven resources, which is huge as they’re making that decision. I suppose it’s a good time for a plug here of our ability at Tilaris to help the partner in their stage of growth or their stage of opportunity, whatever it is. If they want recommendations, if they’re going to throw out some quick names to a customer, great, we can help with that. If they want to get us all on a discussion about how do I strategically build my business around this, great. If they’re tactically in a discussion and they want us pulled into that, we’ve got a multitude of different qualified resources that we’ll touch on at some point to help them with that. But to your point, too, there’s great tools there. If they want to roll through SolutionView and they want a white labeled piece of software that they can go through that is customer facing while they’re doing it, great, they can go through that if they’re not comfortable with those. So good, great, great call out there. Right. I think we’re flexible. Well, let me add that, you know, our engineering resources, we have the most in the industry for CISSPs. We have the most security savvy engineers in this space. And so why not rely on them? I do is somebody who’s leading the practice. I still pick up the phone and work with your team to figure out how should we attack this client? What are some of the providers that we should be looking at? Is there something that I didn’t think about? So even if I do that, then the average partner who’s not an expert in cybersecurity should be leaning on our resources because they are spectacular. Love it. Love it. We got to give Jeff Hathcote some love. Jeff, if you’re watching, listening. Oh, man.

All right. So let’s talk about now that we talked about the sellers, let’s talk about the customers, right? So we’re in this conversation to help our partners find the opportunities, walk through the opportunities, whatever or however they might look. But this is about the sellers. I’m sorry, this is about the customers. Talk to me about the customers. What are the mistakes that you see the customers making in some of these processes, decision making early on, late stage, whatever it is?

There’s a lot, actually. So one, the average age of a CIO, CTO these days is still between 40 and 50. Some of them that I talked to have been out of the weeds for five to 10 years, which means that the techs pass them by. So they’re reliant on their team. And if their team is subject matter experts on lesser inferior technology, a lot of times that’s what they put in. So they don’t have that phone a friend. So what I see is either a lack of knowledge in security, a lack of what’s the best tech. They may have inferior tech from an older decision that they made. They don’t have a phone a friend. They don’t pick up the phone and have anybody like that. So I’ve actually implemented that. And if you’re a partner, I usually say, do you have a safe space? Do you have somebody you can pick up the phone, call and say, here’s some of the things we’re evaluating. Are they the best tech? What do you think? What are the pros and cons about them? Should we be looking at anything else? No judgment. A lot of times a CISO doesn’t want to pick up the phone and go talk to his peer and air his dirty laundry. The other thing is arrogance. We see a lot of customers that say, I’m good. I don’t need your help. Really? Because you only have four people. It’s great that you think that way, but I’m not here to judge you. I’m not here to do anything other than give you a pat on the back and say, great job. You have all the things that you should have in place, but I can tell you there’s maybe 0.001% of the people that I’ve ever sat down with are 100% where they should be. And even then they’re looking for additional layers so that they don’t get compromised. The last thing is not enough cybersecurity awareness training. You know, you think just something small like email security. There’s 339 billion emails that go out every single day. And 85% of them have malware or something malicious in them. And still 80% of all breaches are caused by humans. And Gardner says that the average employee spends 49 minutes a year doing cybersecurity awareness training. And those big breaches that we just heard about in the news and the casinos were all caused by humans because they weren’t trained properly. So those are the little things people are spinning the roulette wheel and hoping it doesn’t happen to them. And you can’t look at it that way. So I just think that if you can have a business conversation and really, really show the value that we have somebody who’s going to come in, be that person you can pick up the phone. And we’re not here to try and sell you anything. We’re just here to whiteboard your environment. Talk about where we see gaps. Talk about what other peers are doing in your space and help you create a roadmap for free. Would you be interested in having that conversation? Yeah, you know, you bring up two things. I think arguably one of the most cost effective measures for security is employee awareness training. And it surprises me how much of a lack that there is of that, when people just say no, no, no, no, no, I’m good. I’m good, right? So one, I just, that should be honestly, it should be on every order at this point purely out of obligation. And I think that’s our role in this is that we don’t come at this to your point. We don’t judge. We don’t care. We just want to help. And I think we feel obligated in this security capacity to help customers just do better. We don’t want to see breaches. We don’t want to see any of that happen. Right. It would be great if they didn’t need us. But the reality is we’re obligated to help and just stay one step ahead of the bad guys. I think that really is, I think I only use the word obligated four times. So I’m just going to say it again. We are obligated and it is our duty to help. And it’s kind of what we sign up for it. Some of these security certifications too. Yeah. All right. So let’s talk about, I’m not a technical seller. I’ve sold XYZ, whatever products, right? And that’s probably the biggest feedback that honestly I get out of this podcast is you helped paint a journey of what it’s like from all these different purviews to sell X technology. I was over here selling these four or five different ones. I’d never sold this. I didn’t want to. I wasn’t comfortable with it. So for the non-technical sellers out there, you do a lot of great things. There’s a lot of great avenues. Help us understand for those sellers, not technical, what do we offer them to build confidence in selling security or just some practical steps and strategies? So I would start with attending some of our events. We put a lot of work into our events. We make them unique and different and we’re updating content for 2024. So if you’ve attended one in the past, but in a send is fantastic for cybersecurity and cloud. You’ll learn different personas. You’ll learn how to have a business conversation. You learn how to prepare for a conversation with your client. You don’t just pick up the phone and start just rattling stuff off. You actually go to their job boards and see, do they have open job boards in cybersecurity or cloud or, you know, compliance? You actually figure out how to deal with different industries, whether they’re retail or manufacturing. You learn how to deal with different personas within an organization. How do you talk differently to a CISO and a CIO and a CFO? And what are their driving factors? And so attending an ascend event is really going to give you some of that practical knowledge you need. And then the lightning trainings. We put a lot of work into lightnings and we get granular into the weeds on the tech. You know, I go through a question or a technology. I simplify it. I tell you what it means. Then I tell you how to use it in a business conversation. And then I do case studies on other success stories that have happened from that and how to put it into practical use. And so, you know, our QSA that we put together in solution view is fantastic. We have that for cybersecurity. It’s got 25 questions and knowing those questions is allows you to start the conversation. And you don’t need to get sidetracked if somebody starts to throw a curveball at you and says, tell me a little bit more about Palo Alto. What do you do? Fantastic. Sounds like you’re interested in having one of our engineers come in there. Fantastic. We can go into outer space. But let me ask you a few more questions so that we get through everything. So I prepare them for this conversation. And then you get plugged in into our LMS. You know, our back office university. And we put a lot of effort into that, not just on videos from us internally, but we have our suppliers. You can learn so much. But getting plugged in in those ways is going to really allow you to overcome those fears and start the initial conversation. And you’re going to see success. Love it. All right. Let’s talk about success for a second. So out of all these things that you’ve done, a lot of these strategies, right? Maybe these are new for some people that haven’t gone through it yet. But walk us through somebody that because of these strategies, the way that you helped train them on that it amounted to a huge success for them just in their business or on a specific opportunity either.

So I have two. Both of them were top 10. It’s consistently year over year with Telerus and neither one of them were focused on cybersecurity. Really good at UCAS. Really good at contact center. Really good at selling voice and data. And they struggled with security. They didn’t want to look like inferior to their client when they’ve been that subject matter expert for years. And they said, listen, stop worrying about the tech worry about the business. And so as they started to do that, they led with just an assessment and talking about what’s the baseline? Do you have risks in your environment? Do you have gaps? Do you have vulnerabilities internal and external? And the assessment got them going on a simple conversation. Then they brought in an engineer and then they listened and they realized that it is more of a business conversation. A few tech questions come up here and there, but you learn as you go. And now both of them are doing events. They’re focused on cybersecurity. And one of them said to me, well, it’s way easier than I thought you were right. And I’m focused on cybersecurity for the future of my business. That’s all I want to focus on. And they’ve increased revenue astronomically because of it, because they were leaving that revenue on the table. And we’re seeing security grow so amazingly within Telerus. You know, we’re going from 600,000 and monthly reoccurring when I got here to ending the year over 3 million a monthly reoccurring in two short years. So we’re going to continue to see those efforts grow because partners are feeling more comfortable. I had one other partner say, I heard your name six months ago. I didn’t know who you were. And so I had a conversation with him and he said, now your name’s come up all the time. And so I had to attend an event to see what you’re about. And I did a lightning training. He said, you are the real deal. I was waiting for somebody to come coach me. Let’s pause for a second. Sean, let’s go back on this. Let’s make a note, like 15 seconds ago or so. Let’s just cut. I won’t put the dollar amounts in any of these. So let’s go back to your track. We’ll replace that with we went from selling very little insecurity years ago to, you know, double digit growth every blah, blah, I don’t know, whatever you want to say. However you want to say that. We go back to that. Okay. So, you know, when I got here two years ago, we went from, you know, small amounts of cybersecurity to hundreds of percent growth year over year. And it’s just been amazing to watch that increase. And I had a partner come to me and say, I heard your name about six months ago. And, you know, then I’ve heard your name several times. I wanted to attend an event and see what it was about. And so I did a lightning training with them. And he said, you are the real deal. I’ve been waiting for somebody to come along and teach me and train me and make me feel as though cybersecurity is an easy conversation. And you did that. Yeah, I love it. I love I love seeing, you know, before we would get so excited about a random security deal years ago, but to see that more much more consistent now has been awesome. So kudos to you is that’s gotten built it out. Awesome. Awesome stuff.

Okay, so last couple thoughts here. Let’s talk about the future. So trends or developments that you see on the horizon here, security sales, and how do these sellers stay prepared for it as this landscape evolves? Yeah, so we’re constantly trying to evaluate one, what are we getting asked for? And that’s what’s great about leaning in with the teller resource. Our engineers are the best. But, you know, we know that going into next year is going to be the rise of AI. So we need to stay ahead of that. We need to look at what does security look like in that AI space? And we’re having those conversations. CX, you know, we have all this amazing context center unified communications, and we need to secure that. And so how do we do that? IOT mobility, how do we get our arms around everything with an IP address that’s, you know, potentially got the ability to be a risk? I mean, you think about one of the casinos actually had an aquarium on their fish tank, and they were solid, but the aquarium took them down. We saw another big retail shop get taken down by the air conditioning unit. So everything was an IP address is susceptible to being compromised. So we’re looking to stay ahead of the game. And that’s why we go to RSA and black hat to sell. And we’re looking at RSA and black hat to see what’s the new tech that’s out there? How do we get them added to our portfolio and stay ahead of our peers and our competition? And, you know, how do we limit the risks? I think the risks are the most important thing. If we can limit the risks, put that digital immunity in place, then I think that’s going to make people more aware. And our goal is to find that zero day threat that no one’s ever seen before on that first day. You know, because breaches happen, it’s just how quickly we can find it, mitigate it and get back to normal. So before I ask you this last question here, as we wrap this up, where we’re going to approach this from, I’m a business, right? I’m the actual end business. What I love questions. So you what you just kind of painted was it doesn’t matter what technology you’re selling the customer, have a mindset of risk and have a mindset of you’re doing this, how are you securing it? You’re buying this product that has data, where is that data going? How’s it going to be secured? So where you go, question wise, what are just the risks? Question wise, what are just your favorite questions that you’ve given to people as just a little just a start. And that’s uncovered things that were unexpected. So you hear a lot of people say, you know, let’s talk about your 2024 roadmap, what does that look like? And so what I say then on top of that is as they start to share it. Okay, you have a CX initiative, how does security play a role in the decision that you’re going to make and the provider that you’re going to go with? You have this initiative to outsource your cloud. How are you going to secure that? How are you going to give people access securely to get that data? How are you going to give your clients secure data? How does that compliance come into play as you’re looking to make this decision? Have you thought about the risks there? Have you thought about the data privacy? So I like that. Those lines of questioning is taking a step further and making them see you as a subject matter expert and see that security does need to be part of it. It does need to be part of every single decision that an IT decision maker makes. That’s what a CISO does. He comes in, he looks at the security posture within an organization and he says we need to mature it. I need to make sure that security is part of every single thing I do. One, because I need to keep the bad guys out. Two, if the bad guys get in, I need to mitigate it. Three, I need to work with our cyber insurance, our PR firm, and make sure that we qualify to get the payments back, to get up and running. We limit the damage that we potentially could have. So those are all business. Nothing I said there was technical. I love it. All right, final thought. The reason I’ve started adding this question in here is because we’re hearing partners are steering customers to the podcast. Just talk about, hey, listen to this. These are some of the capabilities that our resources have, our teams have. So if I’m a business and I’m listening to this, one of our partners, businesses and customers or prospective customers, and I know that I have some security gaps and I’ve got to address these in 2024. I’m the customer. What do you offer me? How do I consider that to incorporate that further into security in my environment? Is there pitfalls, considerations? What would you tell me? I would say first, you don’t have to do this alone. You know, cybersecurity is a big burden for a lot of organizations. You have someone you can pick up the phone, phone a friend, pick it up, grab one of our resources, grab an engineer, and let’s talk tech. Let’s talk about pros and cons of each of those different texts and what you’re looking at, how you’re looking to implement it. What’s the impact of the business? Let’s make sure you’ve evaluated all the right ones. You can lean on us. We have all those certifications, resources, and the best of the best in this industry for a reason. We do this every day for thousands of customers. So you don’t have to do that alone. And outsourcing is okay. You don’t have to control all the people anymore because those people leave. They go on vacations. They want to have a livelihood. You know, with the rise of AI, you know, Morgan Stanley says that we’re going to see 40% of the workforce actually no longer be needed. That’s huge. So if that’s the case, then we need to make sure that we replace one individual with a team of people and technology that can help protect the organization. It’s more reasonable than you think. Our job is not to get rid of any of your resources, but to make them proactive versus reactive and get them to do more unique things for the organization that can help protect them versus just running around with their hair on fire. Love it. All right, Stein, that wraps us up, man. Appreciate you coming on. It’s been good stuff. Found it. Thank you for having me. Next time we’ll dive more into the Russian spies. All right, everybody, that wraps us up for today. I’m your host, JoshLupresto SVP of Sales Engineering, Jason Stein, VP of Security. This has been Security Sales Blunders. Until next time.